package com.sora.novel.common.json.deserializer;

import com.fasterxml.jackson.core.JacksonException;
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.databind.DeserializationContext;
import com.fasterxml.jackson.databind.JsonDeserializer;

import java.io.IOException;

/**
 * @Classname: GlobalJsonDeserializer
 * @Description: Global JSON deserializers
 * @Author: Stonffe
 * @Date: 2023/6/8 10:53
 */
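public class GlobalJsonDeserializer {
    /**
     * String deserializer that HTML-escapes angle brackets in incoming JSON string values,
     * intended as a mitigation against XSS.
     *
     * <p>Security note: only {@code <} and {@code >} are rewritten. Ampersands and quote
     * characters pass through unchanged, so a value later written into an HTML attribute,
     * a script block or a URL is not made safe by this class. Treat it as defense in depth
     * and keep context-aware output encoding at the point where the value is rendered.
     *
     * <p>NOTE(review): how this deserializer is registered (per field or on the shared
     * ObjectMapper) is not visible in this file; if it is global, every String field,
     * including passwords and other non-HTML data, is stored in escaped form.
     */
    public static class StringDeserializer extends JsonDeserializer<String> {
        /**
         * Reads the current token as a string and replaces {@code <} with {@code &lt;} and
         * {@code >} with {@code &gt;}.
         *
         * @param jsonParser parser positioned on the value to read
         * @param deserializationContext context used to report a token that has no string form
         * @return the escaped string
         * @throws IOException if the current token cannot be read as a string
         */
        @Override
        public String deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws IOException, JacksonException {
            String raw = jsonParser.getValueAsString();
            if (raw == null) {
                // getValueAsString() returns null for tokens without a string form (objects,
                // arrays); report a mapping error instead of failing with a NullPointerException.
                return (String) deserializationContext.handleUnexpectedToken(String.class, jsonParser);
            }
            // Terminate the entities with ';' so they are well-formed character references.
            return raw.replace("<", "&lt;").replace(">", "&gt;");
        }
    }
}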
